Important Update

Hi All

Please see the below snippet from Google that all Chromium and Chromium OS devs received recently.

This news has caused something of an uproar in the community (see, and as a couple of examples.

This will affect all Open Source builders of Chromium so will prevent sync from the browser that people build for Arch, Gentoo and  Debian (to name a few). It will of course also affect Chromium OS.

What does the below update really mean?

As of March 15th the API keys that are currently embedded within the image, will be severely rate limited. Since Google will also alter their Terms of Service, I will no longer be able to even embed the API keys into the ChromiumOS image.

This does not mean its all over however, but means once the keys are removed, new builds of the Chromium OS you all use, will no longer be able to log in.

From the 27th February I will be removing the embedded keys from Special and Daily builds. I cannot deviate from the Google ToS change so must adhere to the new ruling.

On March 15th, I will also be disabling the current API. This will negate login on builds older than the 27th February, as will Googles changes. You can still use old images but they may not permit login. Guest accounts will still function as designed however.

What can we all do?

In order to continue using Chromium OS with a login, you will need to deploy your own API keys at run time. I have to stress that these keys will still be rate limited but will suffice for development purposes.

The above dates still give you 2 weeks to get your own API keys and deploy at runtime as per the guidance from Google.

To get your API Keys:

  • Follow the guidance noted in to create yourself an API Key, Client_ID and Secret. Please note, as per the API Document, the keys you have now acquired are not for distribution purposes, and are only for development use.
  • Download the latest daily or special build from
  • Install or boot the image from USB, and use Ctrl-Alt-F2 to get to command line. Login as chronos. Alternatively use shell from a guest account session.
  • Edit /etc/chrome_dev.conf and add the following:

Reboot and enjoy!

Development update from Google:

Hi Chromium Developer,

We are writing to let you know that starting March 15, 2021, end users of Chromium and Chromium OS derivatives using google_default_client_id and google_default_client_secret on their build configuration will no longer be able to sign into their Google Accounts.

What do I need to know?
During a recent audit, we discovered that some 3rd-party Chromium-based browsers had keys that were allowed to access Google APIs and services that are reserved for Google use only. Chrome Sync is the most notable of these APIs.

In practice, this means that a user would be able to access their personal Chrome Sync data (such as bookmarks) not just with Chrome, but also with a non-Google, Chromium-based browser. Please note that users would only be able to access their own Chrome Sync data, and only a small fraction of users of Chromium based browsers were impacted. We have no reason to believe that user data is being abused or accessed by anyone other than the users themselves.

As part of Google’s efforts to improve user data security, we are removing access from Chromium and Chromium OS derivatives that used google_default_client_id and google_default_client_secret on their build configuration to Google-exclusive APIs starting on March 15, 2021. Guidance for vendors of Chromium derivative products is available on the Chromium wiki.

What does this mean for my users?
Users of products that are incorrectly using these APIs will notice that they won’t be able to log into their Google Accounts in those products anymore.

For users who accessed Google features (like Chrome Sync) through a 3rd-party Chromium-based browser, their data will continue to be available in their Google Account, and data that they have stored locally will continue to be available locally.

As always, users can view and manage their data through Google Chrome, Chrome OS, and/or on the My Google Activity page, and they can also download their data from the Google Takeout page, and/or delete it from this page.

What do I need to do?
To avoid disruption, follow the instructions for configuring and building Chromium derivatives in the Chromium Wiki (link provided above)

3 thoughts on “Important Update”

  1. Could you maybe cut Google out and add an option to add either a local user, or possibly (much harder) a system to sync Chromium accounts etc? (Bookmarks can be exported, and I’m sure some/ most users wouldn’t mind reinstalling extensions…)

    This article ( captures my views really well. For a company that uses so much open source software, it’s left its open source projects (AOSP, Chromium (OS)) to wither away with abandon.

  2. Will this change be in affect for your special builds? I noticed that version 90 still allows me to login, so I am not sure if you’re using your own API keys or if that hasn’t taken effect, yet.

  3. Honestly, all I see is the Apple-ification of Google. They’re slowly shutting out open source communities they once fostered. They’re restricting access to user data that consumers should clearly have the authority over. My belief is that consumers should have the option to access their data from any service they want. Rather than fixing the backdoors to Google-exclusive features they’re just killing the APIs. That’s what Apple did to everything that was “insecure” on macOS, because where’s the profit in facilitating innovation in a community that does things for fun? We saw the same thing with Substratum in Android. Eventually Apple even started hiding every new API behind “special request entitlements”. I really f**ing hope Google doesn’t jump on that train. The “superior” for-profit corporations are the ones that relinquish control, and that’s just what it is. I’m sure Android will become a Google-only project and Chrome will become just another Apple Appstore. If that prediction doesn’t leave you in denial or it angers you–I doubt there are any apple fanboys around here–then it’s not really far-fetched.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.